On Sun, 15 May 2011, Graham Leggett wrote:
> > Do you think that untrusted shtml files are not a common use case? In that
> > case I would tend to the "people can always switch back to the old
> > restricted expression syntax" solution.
>
> I don't follow what you mean by "untrusted shtml files"?

shtml files that are writable by users who are not allowed to read all
files that httpd may have access to. .htaccess files have similar issues.

> What the -A option does is say "if this particular request for this URL would
> succeed should this particular user attempt to access this particular URL
> directly, then show this data". Or in English, you would use the -A option
> within a page to show or hide links to something in a page depending on
> whether that person has access to that link.

Maybe the -A option was a bad example, then, because it allows only
access to resources that can be viewed directly, too. But ap_expr would
allow things like

    <!--#if expr="file('/etc/passwd') =~ /.../" -->

This only allows leaking one bit of the file contents per request, but if
used often enough, it could be used to reconstruct the whole file. For
.htaccess, this is not a new problem (see SSLRequire), but for shtml
files, it would be.
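
A defensive check for the concern raised in this message, as an added example that is not part of the original e-mail or of httpd: it scans SSI pages for `#if`/`#elif` expressions that call a function reading from the filesystem, so an administrator can review user-writable shtml files. The function list (`file`, `filesize`), the helper names and the sample page are assumptions constructed for illustration.

```python
import os
import re

# SSI conditionals carry an ap_expr expression in expr="..." or expr='...'.
# Backslash-escaped quotes inside the expression are tolerated.
DIRECTIVE = re.compile(
    r"""<!--#(?:if|elif)\s+expr=(?:"((?:\\.|[^"\\])*)"|'((?:\\.|[^'\\])*)')""",
    re.IGNORECASE,
)
# Assumed list of expression functions that read file data or metadata.
FILE_READERS = re.compile(r"\b(file|filesize)\s*\(", re.IGNORECASE)


def audit_shtml(text, name="<input>"):
    """Return (name, line, function, expression) for each risky call found."""
    findings = []
    for m in DIRECTIVE.finditer(text):
        expr = m.group(1) if m.group(1) is not None else m.group(2)
        line = text.count("\n", 0, m.start()) + 1
        for call in FILE_READERS.finditer(expr):
            findings.append((name, line, call.group(1).lower(), expr))
    return findings


def audit_tree(root):
    """Walk a document root and audit every .shtml file beneath it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(".shtml"):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(audit_shtml(fh.read(), path))
    return findings


# Constructed sample page: an access-check conditional (-A) that is not
# flagged, followed by the file() conditional quoted in the message above.
SAMPLE = """<html><body>
<!--#if expr="-A '/private/report.html'" -->
<a href="/private/report.html">report</a>
<!--#endif -->
<!--#if expr="file('/etc/passwd') =~ /.../" -->
x
<!--#endif -->
</body></html>
"""

if __name__ == "__main__":
    for name, line, func, expr in audit_shtml(SAMPLE, "sample.shtml"):
        print(f"{name}:{line}: {func}() used in SSI expression: {expr}")
```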